This disclosure on processing personal data, drawn up in accordance with Articles 12 and 13 of European Regulation no. 679 of 27 April 2016 (hereafter, also simply “GDPR”), has been drafted by the Data Controller, Neotech S.r.l., to provide its users/visitors – hereafter, also data subject(s) – with all the information they need to understand how their personal data will be processed after it is provided through https://www.thelanguagegrid.com (hereafter, also the “Website”).
1. DATA CONTROLLER’S DETAILS AND CONTACT INFORMATIONTHE LANGUAGE GRID S.R.L. registered office at 32 Via Carducci in Milan Tel. 3497633507 – email firstname.lastname@example.org certified email email@example.com
2. DATA PROCESSOR CONTACT DETAILS At present, no data processor has been appointed.
3. PURPOSE AND LEGAL BASIS FOR PROCESSINGA data subject (i.e. a visitor or user) might provide data through operations performed on the Website or directly to the Data Controller. Any such data will be processed in accordance with GDPR in order to include the data in the record of users/visitors who want to receive information and the newsletter, to determine the data subject’s needs and manage the required services, to perform administrative tasks and to fulfil specific requirements or tasks required by law. The data could also be used for statistical analysis and for marketing/promotional communication, without prejudice to the right of a visitor/user to the Website, at any time, to request that he/she no longer receives such communications. The legal grounds for the processing above relates to fulfilling the relationship to which the data subject is party. Moreover, a specific expression of consent will be sought for the marketing and promotional purposes.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS THAT MIGHT BE SENT PERSONAL DATA Data will not be disclosed, except for obligations tied to the service and the law. Such data can be communicated to third parties that operate on behalf of or for the Data Controller. It can also be disclosed to companies in the group and business partners, but solely to execute and manage the relationship, and for the activities and purposes described above, including those that are promotional in nature, and for administrative operations, legal and contractual consultancy, and legal obligations. Secretarial, accounting and invoicing staff might have access to such personal data, as well as those people in charge of managing and maintaining the processing systems. Any such communication of personal data shall, in any case, happen with a guarantee of the protection of the data subject’s rights as envisaged by the GDPR. Your name might be included in lists kept by the Data Controller and you might receive the periodic communications, in electronic or paper format, for visitors/users. The list of any data processors appointed is available from the Data Controller.
5. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANISATION, WITH DETAILS OF THE PRIVACY SAFEGUARDS Personal data will not be sent to countries outside of the EU or to international organisations. If such a need where to arise, the Data Controller would check to see if an adequacy decision has been made by the EU Commission that guarantees an adequate level of data protection.
6. PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED OR CRITERIA USED TO DETERMINE THAT PERIOD.The data will be kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which data is processed, as far as this is compatible with other obligations envisaged by law. The Data Controller has adopted a procedure for storing data: partly for reasons linked to the standard period of limitation, the minimum period for which data will be kept is 10 years.
7. DATA SUBJECT’S RIGHTSThe Data Controller wants to make sure you, the data subject, are aware of the following rights: a) Right to access, rectification, erasure, restriction and objection:A data subject can access his/her data at any time, ask that it be corrected if it is wrong, ask that any unnecessary data be erased (but not the data the Data Controller is required to keep by law) and restrict certain people from accessing the data; b) Right to data portability:A data subject has the right to receive any details he/she provided to a data controller in a structured, commonly used and machine-readable format, and to transmit this data to another controller without hindrance from the controller to which the personal data has been provided solely in the cases envisaged by Article 20, GDPR;c) Right to withdraw consent at any time:A data subject can withdraw consent at any time, accepting the consequences, although this does not change the Data Controller’s obligation to continue to store the personal data in question if this is necessary to meet the Data Controller’s legal obligations, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. d) Right to make a complaint to a privacy authority
8. MANDATORY OR OPTIONAL NATURE OF PROVIDING DATA The nature of the relationship to be created between the data subject and the Data Controller makes the provision of data mandatory for sending the newsletter and receiving the required information, but it is optional for those aspects linked to promotional and marketing activities.
9. CONSEQUENCES OF REFUSING TO RESPOND If a data subject refuses to provide the mandatory data, the Data Controller reserves the right to assess the consequences to attribute to such a refusal. This does not necessarily prevent the complete provision of the required services, unless the provision of such data is directly required by law or strictly necessary for the proper functioning of the relationship. In the latter cases, if the interested party refuses to provide the required data, the service cannot be commenced or executed, while if such refusal occurs during the execution of the contract, the relationship will have to be terminated. There is no consequence for failing to provide the optional data.
10. EXISTENCE OF PROFILING, AUTOMATED DECISION-MAKING PROCESSES, LOGIC USED AND CONSEQUENCES FOR THE DATA SUBJECT Where profiling is done of a data subject for marketing reasons, such profiling will be in compliance with GDPR and the data subject can object at any time.
THE LANGUAGE GRID S.R.L